Sorry, this advert is now closed. Click here to view our live vacancies.
Business Information Security Officer - City of London
IT/Information/Cyber Security
Ref: 177
Date Posted: Wednesday 10 Jul 2024
Title: Business Information Security Officer
Reference No: 2143
Company: Financial Services
Location: Can be based in UK, Ireland, Belgium, Luxembourg or Isle of Man
Reports to Group CISO
Salary: £90,000 or similar
The Role
The Business Information Security Officer is a key role in ensuring an appropriate security posture for the Group. You will join a growing information security team and take accountability for managing information security for local business units. The Group operates across 10+ offices and data centre locations globally and is actively expanding into new territories.
Responsibilities
Manage security governance, risk and compliance of business units (and their branches) in Belgium, Luxembourg, Ireland, Isle of Man, Bermuda, the UK, Singapore, Italy and Spain.
Participate in relevant Risk & Compliance Committees and service review forums.
Collaborate with business stakeholders by engaging with various business units, security teams, and other stakeholders to understand their requirements, identify areas for improvement, and gather relevant information to support security initiatives.
Conduct risk control self-assessments. Conduct comprehensive analysis of business needs, security policies, and regulatory requirements to develop a deep understanding of security objectives. Translate these objectives into actionable requirements and recommendations. Implement the requirements in local business units.
Develop and maintain relevant documentation (including policies, processes, standards, procedures). Maintain accurate and up-to-date records to ensure accuracy of reporting.
Work closely with the business, IT and security team to develop effective security solutions aligned with business objectives. Evaluate existing processes, systems, and technologies to identify potential gaps, risks, and opportunities for improvement.
Coordinate and participate in management of security projects, ensuring timely delivery, effective resource allocation, and adherence to project timelines and budgets. Collaborate with cross-functional teams to ensure smooth implementation of security initiatives.
Produce accurate reporting and status updates for key stakeholders including the Executive & Board Committees.
Communicate complex security concepts and requirements in a clear and concise manner to both technical and non-technical stakeholders.
Provide security consultancy to business initiatives. Support business programmes and projects.
Contribute to the security vision, strategy and tactical plans for Information Security in the company.
Present current security risks and threats at technical and managerial levels.
Participate in Information Security Incident Response activities.
Monitor compliance with the organization's information security policies and procedures among employees, contractors and third parties.
Liaise with key stakeholders, including business departments, IT, Legal, Internal Audit, and Compliance, to create and enforce policy.
Lead the effort to ensure security compliance in accordance with regulatory requirements.
Role Requirements
Minimum of 3 years’ experience in a similar role (GRC), 5 years’ experience in Information Security
Strong experience in defining and implementing security risk control management frameworks – i.e. CIS/SANS20, NIST CSF, ISO27001/27002, COBIT
Strong experience in system and network security
Strong experience dealing with Internal Audit and Risk Management functions
Experience in 2nd Line of Defence (Risk) – a plus
Experience in Security Operations – a plus
Ability to develop and implement strategies to ensure compliance with industry and data protection regulations (such as BMA, MAS, EU regulations, DORA, GDPR).
Knowledge and experience using security and Enterprise Risk Management tools.
Demonstrable experience working within a hybrid (on-site and cloud-based) environment
Ability to work independently and think proactively
Ability to deliver results through influencing others
Ability to effectively communicate with C-level executives and business managers
Good interpersonal, written and verbal communication and engagement skills with experience engaging own team, all levels of employees and external partners
Must have project management and organisational skills required to manage multiple priorities in a fast-paced environment.
Must have high attention to detail; be a self-starter and able to prioritize in a fast moving, high pressure, constantly changing environment; high sense of urgency
Be energetic, passionate with a positive attitude
Relevant security certifications (CISSP, CISM, GCIA, CRISC, CGEIT, CCISO, etc.)
Excellent English language skills
French language skills – a plus
Dutch/Flemish language skills – a plus